Administrators of complex business processes typically take precautions to help ensure that their business processes continue to operate despite the occurrences of certain unwanted events. For example, many business processes use computer systems for at least a portion of the business process. Often, precautions are taken to ensure that data continues to flow in to and out of these computer systems despite failures of certain devices in the system. For example, backup storage systems and redundant communications paths are often used to increase the integrality of a computing system.
However, these precautions are normally only taken within the particular entity. Typically, a business that relies on another business cannot force the other business to build robust systems, and most businesses are not willing to share the internal details of their operation with other businesses. This is especially true in highly regulated businesses such as banking, finance, health care, energy, etc. As a result, each business typically takes an approach that assumes there is some level of risk that any incoming and/or outgoing communication path may be disrupted.
Network simulation tools help the administrator visualize what devices are in his/her particular network and how those devices are connected to other devices in his/her network. In addition, network simulation tools may allow the administrator to make certain assumptions about devices outside of his/her business that have a direct relationship with one or more devices inside his/her business.
However, these types of assumptions may not be accurate and typically do not take into account ripple effects caused by indirect relationships with other devices. In order to accurately simulate these ripple effects, the network administrator would need to know information about devices outside of his/her business. In addition, network simulation tools do not allow a user to simulate his overall business process. For example, if a portion of a business process calls for an administrator to manually switch from a local call center to a foreign call center in the event of a failure at the local call center, network simulation tools do not allow these “people processes” to be simulated, and business people are typically not willing to expose these types of business model details to other organizations.
Further, these simulation tools do not account for the different risk tolerance levels of different organizations and/or decision makers. Some actions taken by organizations impose operational costs on adversaries that deter certain adversaries from causing certain disruptions to a simulated competitive market environment, and some operational costs imposed by risk tolerance levels do not deter certain adversaries.
Still further, these simulation tools do not account for “two-sided” simulations in which one side consists of organizations competing in a simulated business market and another side consists of a simulated adversary that has an objective of imposing costs on the simulated market, in whole or in part, through some actions intended to disrupt business critical systems operated by one or more organizations within the market.